A critical security flaw is affecting Zyxel firewall devices – here’s what you need to know

A critical vulnerability discovered in a number of Zyxel networking appliances is being abused in the wild, cybersecurity researchers are saying, urging users to apply a fix now.

A flaw tracked as CVE-2023-28771 was recently discovered affecting different devices belonging to multiple lineups: ATP, USG FLEX – ZLD, VPN – ZLD, and ZyWALL/USG – ZLD. The flaw was described as a critical severity command injection flaw that allows threat actors to install malware on the affected endpoints.